Systemd gets seccomp filter support

Lennart Poettering has informed
the world that the systemd init daemon now has initial support for theseccomp filter mechanism found in the 3.5
kernel. The end result is that processes can be easily configured to be
run in a sandboxed environment. "It's actually really cool, and dead
simple to use. A Cheers! for security!"